Queue Manager Clusters: Stopping unauthorized queue managers putting messages on your queues

Stopping unauthorized queue managers putting messages on your queues

To prevent certain queue managers from putting messages on a queue, use the security facilities available on your platform. For example:

RACF^(R) or other external security managers on WebSphere MQ for z/OS
The Object Authority Manager (OAM) on WebSphere MQ for iSeries, WebSphere MQ on UNIX systems, and WebSphere MQ for Windows, and on MQSeries for Compaq Tru64 UNIX, V5.1, MQSeries for Compaq OpenVMS Alpha, V5.1, and MQSeries for Compaq NonStop Kernel, V5.1
User-written procedures on MQSeries for OS/2 Warp

In addition, you can use the PUT authority (PUTAUT) attribute on the CLUSRCVR channel definition. The PUTAUT attribute allows you to specify what user IDs are to be used to establish authority to put a message to a queue. The options on the PUTAUT attribute are:

DEF

Use the default user ID. On z/OS this might involve using both the user ID received from the network and that derived from MCAUSER.

CTX

Use the user ID in the context information associated with the message. On z/OS this might involve using either the user ID received from the network, or that derived from MCAUSER, or both. Use this option if the link is trusted and authenticated.

ONLYMCA (z/OS only)

As for DEF, but any user ID received from the network will not be used. Use this option if the link is not trusted and you want to allow only a specific set of actions on it, which are defined for the MCAUSER.

ALTMCA (z/OS only)

As for CTX, but any user ID received from the network will not be used.

For more information about using the PUTAUT attribute on a channel definition, see the WebSphere MQ Intercommunication book or see the WebSphere MQ Script (MQSC) Command Reference book.

Note:

As with any other transmission queue, applications cannot put messages directly to SYSTEM.CLUSTER.TRANSMIT.QUEUE without special authorization.

WebSphere is a trademark of the IBM Corporation in the United States, other countries, or both.

IBM is a trademark of the IBM Corporation in the United States, other countries, or both.